This application claims priority to Chinese Patent Application No. 200910119377.8, filed on Mar. 24, 2009, which is hereby incorporated by reference in its entirety.
TECHNICAL FIELD
The present invention relates to communications technologies, and in particular, to a method and an apparatus for accessing heterogeneous networks via a wireless local area network.
BACKGROUND
With the development of communications technologies, wireless and broadband communications have already become an important development trend in the future.
On network systems such as Third Generation Partnership Project (3GPP) and Worldwide Interoperability for Microwave Access (WiMAX) networks, the wireless spectrum resources are limited. Because low spectrums (generally smaller than 2 GHz) are occupied by broadcast, TV, military, or civil networks, the wireless bandwidth moves towards high frequency bands. But, high frequency band technologies may bring about a poor indoor coverage. The Wireless Local Area Network (WLAN) has advantages such as low costs and wide application scope, and can support multiple terminals.
The convergence of communication services and the customer-compliance-oriented operation mode need supports from the network convergence technology. The WLAN has the potential of being a supplement to the data networks. A solution to operating multiple data networks may be implemented by accessing via the WLAN. This solution can solve the problem of limited spectrum resources of multiple data networks. In addition, multiple terminals that access the WLAN can access multiple data networks via the WLAN. In this way, the WLAN can share the coverage of the other data networks, thus saving network coverage costs.
The prior art has the following problem. Terminals that access the WLAN are unable to access multiple data networks.
SUMMARY OF THE INVENTION
Embodiments of the present invention provide a method and an apparatus for accessing heterogeneous networks via a WLAN, so that the terminal that accesses the WLAN can access multiple data networks.
The method for accessing heterogeneous networks via the WLAN may be implemented by the following technical solution. An access request is received from a terminal or a portal/policy server. A target network that the terminal needs to access is determined according to the access request. The access request is converted according to the format of the target network transmission protocol. The converted access request is sent to the target network. An authentication result is received from the target network, and the authentication result is sent to the terminal.
An authentication serving gateway provided in an embodiment of the present invention includes a request receiving unit that is adapted to receive an access request from a terminal or a portal/policy server. A target network determining unit is adapted to determine a target network that the terminal needs to access according to the access request. A request converting unit is adapted to convert the access request according to the format of the target network transmission protocol. A request sending unit is adapted to send the converted access request to the target network. An authentication result receiving unit is adapted to receive an authentication result from the target network. An authentication result sending unit is adapted to send the authentication result to the terminal.
A portal/policy server provided in an embodiment of the present invention includes an access request receiving unit adapted to receive an access request from a terminal. A login page sending unit is adapted to send an authentication login page to the terminal after receiving the access request. A login information receiving unit is adapted to receive authentication login information from the terminal. An access request sending unit is adapted to determine an access policy according to the authentication login information and send an access request that carries the access policy to the authentication serving gateway.
The preceding technical solution has the following benefits. The target network that the terminal needs to access is determined according to the access request sent from a WLAN terminal; and an access request that complies with the format of the target network transmission protocol is sent to the target network, so that the WLAN terminal can access multiple data networks.
BRIEF DESCRIPTION OF THE DRAWINGS
For a more complete understanding of the present invention, and the advantages thereof, reference is now made to the following descriptions taken in conjunction with the accompanying drawings, in which:
FIG. 1 is a flowchart of a method in an embodiment of the present invention;
FIG. 2 is a flowchart of another method in an embodiment of the present invention;
FIG. 3 shows a schematic diagram of an authentication serving gateway in an embodiment of the present invention;
FIG. 4 shows a schematic diagram of another authentication serving gateway in an embodiment of the present invention;
FIG. 5 shows a schematic diagram of the authentication serving gateway with charging functions in an embodiment of the present invention;
FIG. 6 shows a schematic diagram of another authentication serving gateway in an embodiment of the present invention;
FIG. 7 shows a schematic diagram of the authentication serving gateway with a monitoring unit in an embodiment of the present invention;
FIG. 8 shows a schematic diagram of a portal/policy server in an embodiment of the present invention;
FIG. 9 shows a schematic diagram of another portal/policy server in the third embodiment of the present invention;
FIG. 10 shows a schematic diagram of a system in an embodiment of the present invention; and
FIG. 11 shows another schematic diagram of the system in an embodiment of the present invention.
DETAILED DESCRIPTION OF ILLUSTRATIVE EMBODIMENTS
Embodiments of the present invention provide a method, an apparatus, and a system for accessing heterogeneous networks via a WLAN, so that the terminal that accesses the WLAN can access multiple data networks.
First Embodiment
As shown in FIG. 1, the method for accessing heterogeneous networks via the WLAN in the first embodiment includes the following steps.
Step 101: Receive an access request from a terminal or a portal/policy server.
The access request may include the information about the target network that the terminal needs to access. The information may be directly indicated in the access request. The information also may be implied in the access request, for example, the home operator and supporting network may be determined according to the number of the terminal.
Step 102: Determine a target network that the terminal needs to access according to the access request.
Step 103: Convert the access request according to the format of the target network transmission protocol.
Step 104: Send the converted access request to the target network.
Step 105: Receive an authentication result from the target network.
Step 106: Send the authentication result to the terminal.
The entities that execute the preceding steps may be various devices that implement authentication conversion for accessing via WLAN, for example, an added authentication serving gateway or devices that integrate a function which can execute the preceding steps. In this embodiment, the target network that the terminal needs to access is determined according to the access request sent from the terminal; and the access request being transformed to comply with the format of the target network transmission protocol is sent to the target network, so that the WLAN terminal can access multiple data networks.
The heterogeneous networks may be data networks different from the WLAN. The data networks different from the WLAN are various. Because these networks are usually based on different protocols or architecture, they are called heterogeneous networks in the embodiments of the present invention.
In this embodiment, the target network that the terminal needs to access is determined according to the access request sent from the terminal; and the access request being transformed to comply with the format of the target network transmission protocol is sent to the target network, so that the WLAN terminal accesses multiple data networks. This solution does not require modification to a terminal and therefore is easy to implement.
Optionally, after receiving the access request from the terminal in step 101, the following steps may further be performed:
sending the access request to the portal/policy server;
sending an authentication login page from the portal/policy server to the terminal;
sending the authentication login information from the terminal to the portal/policy server; and receiving an access request that carries an access policy from the portal/policy server.
Then, the step 102 of determining a target network that the terminal needs to access according to the access request may be as follows:
determining the target network that the terminal needs to access according to the access policy carried in the access request sent from the portal/policy server.
Further, after receiving the authentication result from the target network in step 105, the following steps may be performed:
sending the authentication result to the portal/policy server;
receiving service policy information from the portal/policy server; and
obtaining the charging information according to the user service information collected based on the service policy information; and then sending the charging information to at least one of the following: a Business Operation Support System (BOSS), the target network, and a local charging system.
In the preceding embodiment, the policies for accessing heterogeneous networks are uniformly managed by the portal/policy server, thus simplifying the authentication serving gateway and facilitating the management of the heterogeneous network information.
In addition, the unified authentication or unified charging of the WLAN and multiple networks may promote the convergence of these networks.
Optionally, after receiving the service policy information from the portal/policy server, the service policy information may be further sent to the terminal.
Optionally, after receiving the service policy information from the portal/policy server, the following steps may be performed:
monitoring whether heartbeat times out or whether a logout message is received from the terminal; and
if the heartbeat times out or a logout message is received from the terminal, stopping obtaining the charging information and disconnecting the network.
In the preceding embodiment, the user is informed of the terminal service policy information, which makes the user's right to know the services the user used come true and lays a foundation for changing the service policy. Whether a heartbeat times out is monitored. If it is detected that the heartbeat times out, the terminal that is connected but is idle may be disconnected, thus saving access resources.
Second Embodiment
For example, in this embodiment, the authentication serving gateway and portal/policy server are configured to implement authentication conversion for WLAN access. The following WLAN takes the Wireless Fidelity (WiFi) of the Institute of Electrical and Electronics Engineers (IEEE) 802.11b standard as an example.
In this embodiment, the WiFi terminal may establish a communication connection with the authentication serving gateway through an Access Point (AP). A Home Subscriber Server (HSS) may also be configured to implement authentication conversion. The target network may include an Authentication, Authorization and Accounting (AAA) server, a billing system or BOSS, and a Home Location Register (HLR).
Step 201: The WiFi terminal discovers the network, and enters the WiFi coverage area to access a local area network. During the process of accessing the local area network, a Dynamic Host Configuration Protocol (DHCP) server may allocate an IP address to the WiFi terminal. The IP address may be used as the communication address between the WiFi terminal and the local area network.
Step 202: The WiFi terminal executes the login process. In this process, the WiFi terminal sends an access request to the authentication serving gateway. For example, the WiFi terminal opens the browser and enters any Internet address to connect to the Internet. After receiving the access request, the authentication serving gateway redirects the request (the redirection may be routing redirection). That is, the authentication serving gateway changes the accessed Internet address to the authentication page address of a portal/policy server, where the portal/policy server may be a portal server or a policy server. The portal/policy server feeds back an authentication login page to the WiFi terminal. The preceding authentication login page may be a Web portal page.
Step 203: The WiFi terminal receives authentication login information entered on the Web authentication login page, where the authentication login information may be the user name and password, and then sends the authentication login information to the portal/policy server.
Step 204: The portal/policy server sends an access request to the authentication serving gateway.
The portal/policy server may store IDs of various types of user names and corresponding operator information. When receiving the authentication login information from the terminal, the portal/policy server may determine policies such as the access policy, authentication policy, and charging policy of the terminal. The access policy may be carried in the preceding access request that the portal/policy server sends to the authentication serving gateway.
Step 205: The authentication serving gateway determines a target network that the terminal needs to authenticate or charge according to the access request. In the preceding determine process, the condition for determining a target network that the terminal needs to authenticate or charge may be obtained from an HSS.
The authentication serving gateway converts the user authentication login information into a standard access request that meets the format of the target network. The standard access request may be converted according to the format of the target network transmission protocol.
Step 206: The authentication serving gateway sends the converted standard user access request to the target network to start the user access authentication process. After the target network is authenticated, the authentication serving gateway receives an authentication result from the target network.
Step 207: The authentication serving gateway sends the authentication result to the portal/policy server. If the authentication succeeds, the portal/policy server may send the service policy information of the user to the authentication serving gateway. The service policy may include information such as types of services that the user subscribes to. The portal/policy server may also send the access policy of the WiFi terminal to the authentication serving gateway and the WiFi terminal. If the WiFi and a Global System for Mobile Communications (GSM) are available at the same time, the terminal may select a proper access mode. For example, it uses the WiFi first to establish voice communication services, thus saving toll fees.
In addition, the user may send a change request for changing the required service or a query request for querying for the services subscribed by the user to the portal/policy server on the Web portal page. Then, the portal/policy server may send the service information subscribed by the user to the WiFi terminal according to the query request or change the services subscribed to by the user according to the change request.
Step 208: The WiFi terminal accepts communications of normal services. In this process, the terminal may always interact with the target network through the authentication serving gateway, and the authentication serving gateway may collect the user service information.
Step 209: The authentication serving gateway monitors whether the terminal logs out. For example, the monitoring method may be: The authentication serving gateway monitors whether the heartbeat times out (it may periodically check whether the data link is still in the activated state; if no response is made after the preset time ends, the heartbeat times out.) or whether a logout request is received from the WiFi terminal; if it is detected that the heartbeat times out or a logout message is received from the terminal, the process goes to step 211.
Step 210: The authentication serving gateway sends the obtained charging information to the target network. The target network may charge the WiFi terminal according to the obtained charging information, and send the obtained charging information to the local charging system and the home charging system of the user. The local operator network and home operator network allocate fees and benefits according to a protocol. If the charging information is customized by the BOSS, the authentication serving gateway may send the obtained charging information to the BOSS.
Step 211: The authentication serving gateway stops charging and disconnects the Internet (logout process).
In this embodiment, the authentication serving gateway may act as the access control component of the WLAN, and manage the WLAN session access. In this embodiment, the process of sending an authentication page to the terminal by the portal/policy server and returning the login information by the terminal is a user authentication process based on the Web Portal, which may be implemented by using following multiple methods:
First method: A one-time login password is used. The user enters a mobile phone number on the Web portal authentication page, and sends the mobile phone number to the portal server. The portal server feeds back a one-time login password through short messages. After the user obtains the password, the user enters the password on the Web portal authentication page for authentication. This method has the following merit: When the user needs network services, the portal server sends a one-time password; this method features high security and is of a post-paid type.
Second method: The terminal subscribes to and registers with the operator network before accessing the network, and deposits money in the terminal account. This method is of a prepaid type.
Third Embodiment
As shown in FIG. 3, an authentication serving gateway provided in this embodiment includes:
a request receiving unit 301, adapted to receive an access request from a terminal or a portal/policy server;
a target network determining unit 302, adapted to determine a target network that the terminal needs to access according to the access request;
a request converting unit 303, adapted to convert the access request according to the format of the target network transmission protocol;
a request sending unit 304, adapted to send the converted access request to the target network;
an authentication result receiving unit 305, adapted to receive the authentication result sent from the target network; and
an authentication result sending unit 306, adapted to send the authentication result to the terminal.
Further, the request sending unit 304 is further adapted to send the access request from the terminal received by the request receiving unit 301 to the portal/policy server.
As shown in FIG. 4, the preceding authentication serving gateway may further include:
a login page sending unit 401, adapted to send the authentication login page from the portal/policy server to the terminal;
a login information sending unit 402, adapted to send the authentication login information from the terminal to the portal/policy server;
Optionally, the request receiving unit 301, adapted to receive an access request from the portal/policy server, where the access request carries an access policy; and
the target network determining unit 302, adapted to determine a target network that the terminal needs to access according to the access policy carried in the access request sent from the portal/policy server.
Optionally, the preceding authentication result sending unit 306 is further adapted to send the authentication result to the portal/policy server.
As shown in FIG. 5, the preceding authentication serving gateway may further include:
a service policy receiving unit 501, adapted to receive the service policy information from the portal/policy server after the authentication result sending unit 306 sends the authentication result to the portal/policy server;
a charging information obtaining unit 502, adapted to obtain charging information according to the user service information collected base on the service policy information; and
a charging information sending unit 503, adapted to send the charging information obtained by the charging information obtaining unit 502 to at least one of the following: the BOSS, the target network, and the local charging system.
As shown in FIG. 6, the preceding authentication serving gateway may further include:
a service policy sending unit 601, adapted to send the service policy information to the terminal.
As shown in FIG. 7, the preceding authentication serving gateway may further include:
a logout monitoring unit 701, adapted to: monitor whether the heartbeat times out and whether a logout message is received from the terminal; and
an obtaining and connection controlling unit 702, adapted to: stop obtaining the charging information and disconnect the network if the heartbeat times out or a logout message is received from the terminal.
In this embodiment, the target network that the terminal needs to access is determined according to the access request sent from the WLAN terminal; and an access request that complies with the format of the target network transmission protocol is sent to the target network, so that the WLAN terminal accesses multiple data networks.
The policies for accessing heterogeneous networks are uniformly managed by the portal/policy server. In this way, the authentication serving gateway may be simplified and the heterogeneous network information may be managed clearly.
In addition, the unified authentication or unified charging of the WLAN and multiple networks may promote the convergence of these networks.
In the preceding implementation method, the user is informed of the terminal service policy information, which reflects the user's right to know the truth and lays a foundation for changing the service policy. If it is detected that the heartbeat times out, the terminal that is connected but is idle may be disconnected, thus saving access resources.
Fourth Embodiment
As shown in FIG. 8, the portal/policy server provided in this embodiment includes:
an access request receiving unit 801, adapted to receive an access request from the terminal;
a login page sending unit 802, adapted to send an authentication login page after receiving the access request;
a login information receiving unit 803, adapted to receive the authentication login information; and
an access request sending unit 804, adapted to: determine an access policy according to the authentication login information, and send an access request that carries the access policy to the authentication serving gateway.
As shown in FIG. 9, the preceding portal/policy server may further include:
an authentication result receiving unit 901, adapted to receive the authentication result from the authentication serving gateway; and
a service policy sending unit 902, adapted to send the service policy information corresponding to the authentication result to the authentication serving gateway.
The policies for accessing heterogeneous networks are uniformly managed by using the portal/policy server. In this way, the authentication serving gateway may be simplified and the heterogeneous network information may be managed clearly.
Fifth Embodiment
As shown in FIG. 10, the system for accessing heterogeneous networks via the WLAN in this embodiment includes an authentication serving gateway 1001, a target network 1002, and a terminal 1003 that are mutually connected.
The authentication serving gateway 1001 is adapted to: receive an access request from the terminal 1003; determine the target network 1002 that the terminal 1003 needs to access according to the access request; convert the access request according to the format of the transmission protocol required by the target network 1002; send the converted access request to the target network 1002; receive an authentication result from the target network 1002, and send the authentication result to the terminal 1003.
Optionally, as shown in FIG. 11, the system may further include a portal/policy server 1101.
The authentication serving gateway 1001 is further adapted to receive the access request from the portal/policy server 1101. After receiving the access request from the portal/policy server 1101, the authentication serving gateway 1001 is further adapted to: send the access request from the terminal to the portal/policy server 1101; send the authentication login page from the portal/policy server to the terminal 1003; send the authentication login information from the terminal 1003 to the portal/policy server 1101; receive an access request that carries the access policy from the portal/policy server 1101; and determine the target network 1002 that the terminal 1003 needs to access according to the access policy in the access request from the portal/policy server 1101.
The portal/policy server 1101 is adapted to: receive an access request from the terminal 1003; send the authentication login page to the authentication serving gateway 1001 after receiving the access request; receive the authentication login information, determine the access policy according to the authentication login information, and send an access request that carries the access policy to the authentication serving gateway 1001.
Further, the preceding authentication serving gateway is further adapted to send the preceding authentication result to the portal/policy server 1101; receive the service policy information from the portal/policy server 1101; and obtain the charging information according to the user service information collected base on the service policy information, and send the charging information to at least one of the following: the BOSS, the target network 1002, and the local charging system.
The portal/policy server 1101 is further adapted to: receive the authentication result from the authentication serving gateway 1001, and send the service policy information corresponding to the authentication result to the authentication serving gateway 1001.
In this embodiment, the target network that the terminal needs to access is determined according to the access request sent from the WLAN terminal; and an access request that complies with the format of the target network transmission protocol is sent to the target network, so that the WLAN terminal accesses multiple data networks.
The policies for accessing heterogeneous networks are managed by using the portal/policy server. In this way, the authentication serving gateway may be simplified and the heterogeneous network information may be managed clearly.
In addition, the unified authentication or unified charging of the WLAN and multiple networks may promote the convergence of these networks.
Those skilled in the art may understand that all or part of the steps in the preceding embodiments may be performed by a program instructing relevant hardware. The program may be stored in a computer readable storage medium such as a Random-Access Memory (RAM), a memory, a Read-Only Memory (ROM), an Electrically-Programmable Read-Only Memory (EPROM), an Electrically-Erasable Programmable Read-Only Memory (EEPROM), a register, a hard disk, a removable disk, a Compact Disc-Read Only Memory (CD-ROM), or a storage medium of any forms well-known to persons skilled in the art.
Detailed above are a method, an apparatus, and a system for accessing heterogeneous networks via the WLAN under the present invention. Although the invention is described through several exemplary embodiments, the invention is not limited to such embodiments. It is apparent that those skilled in the art can make various modifications and variations to the invention without departing from the spirit and scope of the invention. The invention shall cover the modifications and variations provided that they fall within the scope of protection defined by the following claims or their equivalents.